Reputation: 2452
I've been using SAML identity federation on my user pool, which has a hosted sign-in page. I configured both Azure Active Directory and the Cognito user pool so I can log in with an AD user. I have added multiple SAML providers in a similar manner and that works without an issue. The problem occurs when I use the Identifiers attribute, which is used to log in to the corresponding IdP by extracting the domain name from the email. I followed this documentation. This is how it looks in the AWS console.
Now when I try to log in with an AD user's email, it gives me a "Login not allowed" error. It worked well when I didn't use this optional Identifiers parameter.
Can someone help me to resolve this issue?
Upvotes: 6
Views: 1301
Reputation: 2452
Apparently the "Identifiers" parameter has some connection with the user pool's "General Settings -> Policies". You need to select the "Allow users to sign themselves up" option for IdP identifiers to work.
Although this worked, when you enable the sign-up option there will be a link to sign up on the hosted page.
In my case, I do not want users to sign themselves up. However, this is some progress.
Upvotes: 1
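The identifier-driven sign-in discussed above, set up from the AWS CLI rather than the console, as an added example that is not part of the question or the answer. It attaches email domains to the SAML provider as IdP identifiers, reads and (if wanted) changes the user pool policy that the console calls "Allow users to sign themselves up" (`AdminCreateUserConfig.AllowAdminCreateUserOnly` in the API), and builds the hosted UI `/oauth2/authorize` URL that selects the provider through the `idp_identifier` parameter derived from the email domain. The pool id, provider name, hosted UI domain prefix, region, app client id and callback URL are placeholder assumptions; `DRY_RUN=1` (the default) prints the `aws` commands instead of executing them, so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post. Placeholder values below are
# assumptions; override them in the environment for a real pool.
POOL_ID="${POOL_ID:-us-east-1_EXAMPLE}"          # user pool id (assumption)
IDP_NAME="${IDP_NAME:-AzureAD}"                  # SAML provider name (assumption)
UI_DOMAIN="${UI_DOMAIN:-myapp}"                  # hosted UI domain prefix (assumption)
UI_REGION="${UI_REGION:-us-east-1}"
APP_CLIENT_ID="${APP_CLIENT_ID:-1example23456789}"   # app client id (assumption)
CALLBACK_URL="${CALLBACK_URL:-https://app.example.com/callback}"
DRY_RUN="${DRY_RUN:-1}"                          # 1 = print aws commands, 0 = run them

# Print or execute an aws CLI command, depending on DRY_RUN.
aws_cmd() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'aws'; printf ' %s' "$@"; printf '\n'
  else
    aws "$@"
  fi
}

# Domain part of an email address, lower-cased: this is the string the hosted UI
# matches against the identifiers attached to each IdP. Malformed input fails.
idp_identifier_for_email() {
  case "$1" in
    *@*@*|*@|@*|'') return 1 ;;
    *@*) printf '%s\n' "${1#*@}" | tr '[:upper:]' '[:lower:]' ;;
    *) return 1 ;;
  esac
}

# Attach one or more email domains to the SAML provider as IdP identifiers.
# usage: set_idp_identifiers <provider-name> <domain>...
set_idp_identifiers() {
  provider="$1"; shift
  aws_cmd cognito-idp update-identity-provider \
    --user-pool-id "$POOL_ID" \
    --provider-name "$provider" \
    --idp-identifiers "$@"
}

# The console's "Allow users to sign themselves up" is
# AdminCreateUserConfig.AllowAdminCreateUserOnly=false in the API.
show_signup_policy() {
  aws_cmd cognito-idp describe-user-pool --user-pool-id "$POOL_ID" \
    --query 'UserPool.AdminCreateUserConfig.AllowAdminCreateUserOnly'
}

# Caution: update-user-pool resets every attribute you leave out to its default,
# so in real use send the full describe-user-pool output with only this changed.
allow_self_signup() {
  aws_cmd cognito-idp update-user-pool --user-pool-id "$POOL_ID" \
    --admin-create-user-config AllowAdminCreateUserOnly=false
}

# Percent-encode the characters that matter in a redirect_uri query value.
urlencode() {
  printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/:/%3A/g' -e 's#/#%2F#g' \
    -e 's/?/%3F/g' -e 's/&/%26/g' -e 's/=/%3D/g' -e 's/#/%23/g'
}

# Hosted UI authorize URL that routes the user to the IdP whose identifiers
# contain the email's domain, instead of showing the provider picker.
hosted_ui_login_url() {
  ident="$(idp_identifier_for_email "$1")" || return 1
  printf 'https://%s.auth.%s.amazoncognito.com/oauth2/authorize?response_type=code&client_id=%s&redirect_uri=%s&scope=openid+email&idp_identifier=%s\n' \
    "$UI_DOMAIN" "$UI_REGION" "$APP_CLIENT_ID" "$(urlencode "$CALLBACK_URL")" "$ident"
}

# Demo run: with DRY_RUN=1 this only prints the commands it would issue.
set_idp_identifiers "$IDP_NAME" example.com corp.example.com
show_signup_policy
allow_self_signup
hosted_ui_login_url "alice@Example.com"
```

Run with `DRY_RUN=0` and real values to apply the changes. `show_signup_policy` lets you confirm the policy the answer points at before touching it; `hosted_ui_login_url` is the same domain-to-IdP routing the hosted page performs when identifiers are configured, done from your own application so the user never sees a provider picker.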